General
- Target: 0feb3ed11175361c5974dec8e1030d48eb165ac778d64a28f93bfaa72c21629d
- Size: 2.3MB
- Sample: 240304-bmvbnaef59
- MD5: 07aa0a33eb921a940635dd804be277af
- SHA1: 16e53f37a15dc860d3e2a0a12270785d78569cf7
- SHA256: 0feb3ed11175361c5974dec8e1030d48eb165ac778d64a28f93bfaa72c21629d
- SHA512: 4e0185c618e99d1e2e095ff63b1ca9999a0e91bfd87d2e120e8fcf0c83e3ff113e73f13d9e5a2f17f06f672bcf2e25eef5df5db352aac11eed3b6bf00db177a2
- SSDEEP: 49152:8CN4LRX+yXXpJX0gRgSSlhSGmpcmueezjO:8CN49X+yHpyuUSpvuPjO
Behavioral task
- behavioral1
- Sample: 0feb3ed11175361c5974dec8e1030d48eb165ac778d64a28f93bfaa72c21629d.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: 0feb3ed11175361c5974dec8e1030d48eb165ac778d64a28f93bfaa72c21629d
- Size: 2.3MB
- MD5: 07aa0a33eb921a940635dd804be277af
- SHA1: 16e53f37a15dc860d3e2a0a12270785d78569cf7
- SHA256: 0feb3ed11175361c5974dec8e1030d48eb165ac778d64a28f93bfaa72c21629d
- SHA512: 4e0185c618e99d1e2e095ff63b1ca9999a0e91bfd87d2e120e8fcf0c83e3ff113e73f13d9e5a2f17f06f672bcf2e25eef5df5db352aac11eed3b6bf00db177a2
- SSDEEP: 49152:8CN4LRX+yXXpJX0gRgSSlhSGmpcmueezjO:8CN49X+yHpyuUSpvuPjO
Signatures
- Detects Echelon Stealer payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.